CNNVD-202602-1091 Information

CNNVD ID

CNNVD-202602-1091

CVE-2026-25561

  • CNNVD Published: 2026-02-07

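Description (translated from Chinese)

WeKan is an open-source kanban application from WeKan. Versions of WeKan before 8.19 contain a security vulnerability that stems from the attachment upload API not sufficiently validating the consistency and association of the supplied identifiers, which may result in attempts to upload attachments with mismatched object relationships.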

Description (English)

WeKan is an open-source kanban board application from the WeKan project. Versions of WeKan prior to 8.19 contain a security vulnerability: the attachment upload API does not fully verify the consistency and relationship of the identifiers provided, which could lead to attempts to upload attachments with mismatched object relationships.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

WeKan

Published

2026-02-07

Last Modified

2026-02-24

References

  • https://github.com/wekan/wekan/commit/1d16955b6d4f0a0282e89c2c1b0415c7597019b8
  • https://wekan.fi/
  • https://www.vulncheck.com/advisories/wekan-attachment-upload-object-relationship-validation-bypass
  • https://access.redhat.com/security/cve/cve-2026-25561

Patch

https://github.com/wekan/wekan/releases
